Use the -attributes parameter for the setPolicyType and
setBinding commands to specify additional configuration information
for the SSLTransport policy and policy set binding. Application and
system policy sets can use the SSLTransport policy and binding.
Use the following commands and parameters
in the PolicySetManagement group of the AdminTask object to customize
your policy set configuration.
- Use the -attributes parameter for the getPolicyType
and getBinding commands to view the properties for your policy and
binding configuration. To get an attribute, pass the property name
to the getPolicyType or getBinding command.
- Use the -attributes parameter for the setPolicyType
and setBinding commands to add, update, or remove properties from
your policy and binding configurations. To add or update an attribute,
specify the property name and value. The setPolicyType and setBinding
commands update the value if the attribute exists, or adds the attribute
and value if the attribute does not exist. To remove an attribute,
specify the value as an empty string (""). The -attributes parameter
accepts a properties object.
Note: If a property name or value supplied with the -attributes parameter
is not valid, then the setPolicyType and setBinding commands fail
with an exception. The property that is not valid is logged as an
error or warning in the SystemOut.log file. However,
the command exception might not contain the detailed information for
the property that caused the exception. When the setPolicyType and
setBinding commands fail, examine the SystemOut.log file
for any error and warning messages that indicate that the input for
the -attributes parameter contains one or multiple
properties that are not valid.
New feature: This topic
references one or more of the application server log files. Beginning
in WebSphere Application Server Version 8.0 you can configure the
server to use the High Performance Extensible Logging (HPEL) log and
trace infrastructure instead of using
SystemOut.log ,
SystemErr.log,
trace.log,
and
activity.log files or native z/OS logging
facilities. If you are using HPEL, you can access all of your log
and trace information using the LogViewer command-line tool from your
server profile bin directory. See the information about using HPEL
to troubleshoot applications for more information on using HPEL.
newfeat
For transitioning users: In WebSphere
Application Server Version 7.0 and later, the security model was enhanced
to a domain-centric security model instead of a server-based security
model. The configuration of the default global security (cell) level
and default server level bindings has also changed in this version
of the product. In the WebSphere Application Server Version 6.1 Feature
Pack for Web Services, you can configure one set of default bindings
for the cell and optionally configure one set of default bindings
for each server. In Version 7.0 and later, you can configure one or
more general service provider bindings and one or more general service
client bindings. After you have configured general bindings, you can
specify which of these bindings is the global default binding. You
can also optionally specify general binding that are used as the default
for an application server or a security domain.
trns
To support a mixed-cell environment, WebSphere
Application Server supports Version 7.0 and Version 6.1 bindings.
General cell-level bindings are specific to Version 7.0 and later
Application-specific bindings remain at the version that the application
requires. When the user creates an application-specific binding,
the application server determines the required binding version to
use for application.
SSLTransport policy properties
Use
the SSLTransport policy to ensure message security.
Configure
the SSLTransport policy by specifying the following properties with
the setPolicyType command:
- outRequestSSLenabled
- Specifies whether to enable the SSL security transport for outbound
service requests.
- outAsyncResponseSSLenabled
- Specifies whether to enable the SSL security transport for asynchronous
service responses.
- inResponseSSLenabled
- Specifies whether to enable the SSL security transport for inbound
service responses.
The following setPolicyType command example
sets values for all SSLTransport policy properties:
AdminTask.setPolicyType('[-policySet "WSHTTPS default" -policyType SSLTransport
-attributes "[[inReponseSSLenabled yes][outAsyncResponseSSLenabled yes][outRequestSSLenabled
yes]]"]')
SSLTransport binding properties
Use
the SSLTransport policy type to ensure message security.
Configure
the SSLTransport binding by specifying the following properties using
the setBinding command:
- outRequestwithSSL:configFile
- outRequestwithSSL:configAlias
- If you enable SSL outbound service requests, then these two attributes
define the specific SSL security transport binding and location. The
default value for the outRequestwithSSL:configFile attribute is the
location of the ssl.client.props file. The default value for the outRequestwithSSL:configAlias
attribute is NodeDefaultSSLSettings.
- outAsyncResponsewithSSL:configFile
- outAsyncResponsewithSSL:configAlias
-
- If you enable SSL asynchronous service responses, then these two
attributes define the specific SSL security transport binding and
location. The default value for the outAsyncRequestwithSSL:configFile
attribute is the location of the ssl.client.props file. The default
value for the outAsyncRequestwithSSL:configAlias attribute is NodeDefaultSSLSettings.
- inResponsewithSSL:configFile
- inResponsewithSSL:configAlias
-
- If you enable SSL inbound service responses, then these two attributes
define the specific SSL security transport binding and location. The
default value for the inResponsewithSSL:configFile attribute is the
location of the ssl.client.props file. The default value for the
inResponsewithSSL:configAlias property is NodeDefaultSSLSettings.
The following setBinding command example sets values
for all SSLTransport binding attributes:
AdminTask.setBinding('[-bindingLocation "" -bindingName cellWideBinding2 -policyType
SSLTransport -attributes "[[inResponsewithSSL:configAlias NodeDefaultSSLSettings] [inResponsewithSSL:config
properties_directory/ssl.client.props][outAsyncResponsewithSSL:configFile properties_directory/ssl.client.props]
[outAsyncResponsewithSSL:configAlias NodeDefaultSSLSetings][outRequestwithSSL:configFile
properties_directory/ssl.client.props][outRequestwithSSL:configAlias NodeDefaultSSLSettings]]"]')